Solved

how to remove newfolder.exe, Bimat.exe and IEXPLORER.exe

Posted on 2009-05-05
Last Modified: 2013-11-05
Hi Friends,

I am facing a lot of problems regarding the infection in our network: newfolder.exe, Bimat.exe and IEXPLORER.exe. I am using the Combofix and SDFix tools to clean, and it works perfectly, but the users get the same problem again after 1 or 2 days. Maybe this is happening because of the network, and I can't clean the network within one or two days because we have more than 100 PCs. We are using Kaspersky and ESET Nod32 Antivirus only, so is there any tool that will remove it from the network, or any anti-spyware or other software that will be helpful and protect our network? An acceptable answer from anyone will be helpful to me.
Question by:cscdubai

Expert Comment

by:NaturaTek
CSC,

I feel your pain. If I were you, I would reinstall and make an image with Acronis. When users cause damage, just reimage them in 6 minutes and copy their data back on for WORST case scenarios.
If you have more than 100 PCs, this is ideal. Will save you lots of work down the road.

However, to clean up in your situation I would first disable System Restore. Download CCleaner from ccleaner.com.
Download SUPERAntiSpyware (superantispyware.com) and Malwarebytes Anti-Malware (malwarebytes.org).

Boot into safe mode. Run CCleaner. The reason I do CCleaner first is because it will clean out all temp files, caches, etc., so you don't have to spend an extra hour or so scanning nonsense files.
Run Malwarebytes, do a full scan, remove all selected when done, reboot in safe mode. Run SUPERAntiSpyware, full scan, remove all selected, reboot in safe mode.

Download Autoruns from Microsoft. Run it and see if you find any strange service/driver/app loading up that you know for sure is not related to the OS or your environment. Delete them.

Boot normally and see if you are cleaned.

Combofix in safe mode is a last step in my book. Eset is good, so is Kaspersky, and many others. In my years of experience I find one antivirus finds something another won't. The same applies to antispyware programs.

Believe it or not, for a business environment I would stick with Kaspersky or Symantec Endpoint Protection, because it is very strict and configurable in network environments.

If you are using Eset 4.0, go into options and create yourself a bootable CD from there, so you can boot from the Eset CD and scan without even booting into Windows. Same with Kaspersky. I think they have that option as well now.

Of course, before running any scan, or creating a boot scan cd, be sure to update definition files to current date.

I do swear by a good antivirus used in combination with malwarebytes and superantispyware. I don't run them all together, I do run the last 2 as maintenance every week or two, or the moment a user did web browsing in the underworlds.

I would create policies to prohibit installation of rogue programs and create security in Internet Explorer preventing sites with keywords or designated sites. Of course if you guys have some network rackmount items, you can create rules to prohibit sites into your network.

Doesn't matter if you clean and clean, users will be users and will click on every dang thing on the web, in a few days, computer will be infected all over again.

I do find Symantec Endpoint or Eset RUNNING alongside Malwarebytes in REAL TIME (this is a paid feature) to be VERY effective.

Best wishes
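
Added example (not part of NaturaTek's post and not code from any tool named in it): a read-only PowerShell check that does the Autoruns step above in script form for the three file names in the question, so it can be repeated on each of the 100+ PCs after cleaning. The choice of the Run/RunOnce keys and the current user's Startup folder is an assumption about where such an entry might sit; Autoruns covers many more locations.

```powershell
# Added example: report (never delete) autostart entries naming the files from this thread.
$suspectNames = 'newfolder.exe', 'Bimat.exe', 'IEXPLORER.exe'   # names from the question

# Standard Run/RunOnce keys; Autoruns shows these under its "Logon" tab.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-SuspectName {
    param([string]$Text)
    foreach ($name in $suspectNames) {
        # Match the whole file name only (case-insensitive), so the genuine
        # Internet Explorer binary "iexplore.exe" is not flagged.
        $pattern = '(^|[\\\s"])' + [regex]::Escape($name) + '($|[\s",])'
        if ($Text -match $pattern) { return $true }
    }
    return $false
}

function Get-AutostartHit {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item $key
        foreach ($valueName in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($valueName)
            if (Test-SuspectName $command) {
                New-Object PSObject -Property @{
                    Computer = $env:COMPUTERNAME; Location = $key
                    Entry = $valueName; Command = $command
                }
            }
        }
    }
    # Current user's Startup folder, which Autoruns also lists.
    $startup = [Environment]::GetFolderPath('Startup')
    if ($startup -and (Test-Path $startup)) {
        Get-ChildItem $startup | Where-Object { Test-SuspectName $_.Name } | ForEach-Object {
            New-Object PSObject -Property @{
                Computer = $env:COMPUTERNAME; Location = $startup
                Entry = $_.Name; Command = $_.FullName
            }
        }
    }
}

Get-AutostartHit | Format-Table Computer, Location, Entry, Command -AutoSize
```

An empty table means none of the checked locations reference those names on that machine; a hit that comes back a day or two after cleaning points at the PC to re-examine first.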

Author Comment

by:cscdubai
But whatever comment you gave, it was really not helpful to me. I tried it but failed.

Expert Comment

by:NaturaTek
I don't know the level of your infection. If you tried the Combofix and all else I posted above, then perhaps your system is infected with a certain rootkit, cloaked malware to a point where it might not even be worth it to repair.

If you did the scans above, please post the log of Malwarebytes here, log of Combofix here.
Download HijackThis: http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
And post the log here.

In the meantime, back up your important documents. Pull out your Windows XP CD and consider deleting your partition, recreating it and reinstalling Windows XP.
Leave your Windows XP CD in the CD-ROM drive; when you boot up it should start the CD. If not, go into the BIOS and select the CD-ROM in boot priority to be 1st. XP install will guide you on deleting your existing installation.


Accepted Solution

by:
cscdubai earned 0 total points
Now Eset Nod32 is detecting and cleaning these infections.